Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/zu9DHS5FAUzuVfAvux6rnQjYzBM.roa
File:                     zu9DHS5FAUzuVfAvux6rnQjYzBM.roa (raw, json)
Hash identifier:          FTzNRMbM7n+YoDbi/CFcBrSzaAf6isUFlUuXgZ96QzE=
Subject key identifier:   CE:EF:43:1D:2E:45:01:4C:EE:55:F0:2F:BB:1E:AB:9D:08:D8:CC:13
Certificate issuer:       /CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
Certificate serial:       01825457E818E4FA72693AC49D29E9FB723E
Authority key identifier: 9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/zu9DHS5FAUzuVfAvux6rnQjYzBM.roa
Signing time:             Sun 31 Jul 2022 13:00:23 +0000
ROA not before:           Sun 31 Jul 2022 13:00:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61439
IP address blocks:        2a0d:8041::/32 maxlen: 32
                          2a0f:a1c1::/32 maxlen: 32
                          2a0d:8044::/32 maxlen: 32
                          2a0f:a1c4::/32 maxlen: 32
                          2a0d:8045::/32 maxlen: 32
                          2a0f:a1c5::/32 maxlen: 32
                          2a0f:a1c2::/32 maxlen: 32
                          2a0d:8042::/32 maxlen: 32
                          2a0d:8043::/32 maxlen: 32
                          2a0f:a1c3::/32 maxlen: 32
                          2a0f:a1c7::/32 maxlen: 32
                          2a0d:8047::/32 maxlen: 32
                          2a0d:8040::/32 maxlen: 32
                          2a0f:a1c0::/32 maxlen: 32
                          2a0d:8046::/32 maxlen: 32
                          2a0f:a1c6::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:54:57:e8:18:e4:fa:72:69:3a:c4:9d:29:e9:fb:72:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
        Validity
            Not Before: Jul 31 13:00:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ceef431d2e45014cee55f02fbb1eab9d08d8cc13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a4:f1:b5:a8:1f:87:7b:20:d6:3e:64:3a:a5:
                    f2:69:32:50:77:d5:2d:ae:a1:81:ce:a1:64:3b:e4:
                    f0:91:85:9d:35:21:e5:a8:34:9d:a4:26:2a:75:bf:
                    c2:d6:c9:d5:4d:86:6d:45:c7:53:e6:fc:f2:d6:3e:
                    ae:84:15:16:fd:42:5b:7f:b1:a3:6c:f4:dd:6e:02:
                    43:15:aa:d1:c2:42:b4:d2:21:77:e2:1d:c8:1c:91:
                    96:fb:c2:59:e1:74:84:4e:65:39:f5:6a:8e:16:e3:
                    95:cc:79:26:e1:c6:a6:e8:b8:6a:4c:95:cc:44:0c:
                    d7:f6:78:05:3b:3c:ed:fd:ec:2b:44:00:92:bb:7c:
                    3b:98:f4:18:1f:f5:e6:dc:7f:d5:06:36:70:35:9f:
                    76:75:18:69:4e:4b:f4:cb:4b:c6:4f:5d:83:93:74:
                    8e:36:30:eb:38:1a:f0:37:5e:c1:2b:e4:9c:3b:8f:
                    b2:fe:54:86:14:88:6b:81:6b:d5:82:1f:59:bd:3b:
                    0f:e4:2e:4e:cf:e4:29:59:41:f0:a1:d0:53:af:85:
                    fd:57:14:d2:6f:ab:00:c5:fe:b0:42:96:ce:cc:56:
                    96:86:2f:02:71:9a:ec:38:53:73:ab:0f:58:7a:f9:
                    17:36:91:37:08:32:71:c1:a8:70:15:ab:82:65:b0:
                    dc:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:EF:43:1D:2E:45:01:4C:EE:55:F0:2F:BB:1E:AB:9D:08:D8:CC:13
            X509v3 Authority Key Identifier:
                keyid:9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/zu9DHS5FAUzuVfAvux6rnQjYzBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:8040::/29
                  2a0f:a1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         d3:fa:c6:50:0f:39:30:d6:87:43:8e:c5:2c:47:8c:17:33:12:
         33:6e:74:0e:76:eb:6b:cb:7a:54:4e:36:a9:bf:14:2d:ce:a0:
         b8:34:cd:07:3e:08:73:e4:04:77:90:90:f9:77:0d:9c:9c:22:
         90:23:4a:31:ac:28:af:15:6f:1c:76:bd:d8:24:4b:73:4a:11:
         1e:52:39:bc:f5:14:84:62:ff:0d:e3:48:55:c4:77:31:6d:2c:
         f6:fa:7f:69:09:1b:70:b3:af:43:64:c7:c3:54:ff:c0:aa:7a:
         ab:b1:d8:fe:7a:88:44:94:e1:7c:de:20:05:b1:16:2d:5e:b9:
         1a:86:18:81:46:e5:2e:a7:78:da:47:22:0d:97:96:bf:43:65:
         f9:76:b2:09:de:57:a8:d7:b0:1f:2e:05:25:aa:3e:5b:10:bd:
         ca:1f:51:27:6e:73:0b:18:2c:c0:50:7f:46:39:b8:3d:66:2e:
         49:d0:a9:18:ac:46:57:b7:9e:8a:6c:94:fb:cc:0c:39:eb:66:
         4d:83:d8:e2:6d:d8:64:ef:e9:3c:13:88:ba:29:fd:91:1f:0c:
         b8:79:c9:77:d1:e7:3e:c1:70:5f:3c:3d:c7:10:57:58:a0:0e:
         27:14:44:b6:09:7a:7f:08:17:f8:b2:d5:21:bf:83:d4:8f:3d:
         a6:e1:d5:9e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYJUV+gY5PpyaTrEnSnp+3I+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMWFlZDk5MTNmODg4MGFmNzU1N2VlZjNlZjAyZDZlMGZm
M2ZkNDkwHhcNMjIwNzMxMTMwMDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWVmNDMxZDJlNDUwMTRjZWU1NWYwMmZiYjFlYWI5ZDA4ZDhjYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKTxtagfh3sg1j5kOqXyaTJQd9Ut
rqGBzqFkO+TwkYWdNSHlqDSdpCYqdb/C1snVTYZtRcdT5vzy1j6uhBUW/UJbf7Gj
bPTdbgJDFarRwkK00iF34h3IHJGW+8JZ4XSETmU59WqOFuOVzHkm4cam6LhqTJXM
RAzX9ngFOzzt/ewrRACSu3w7mPQYH/Xm3H/VBjZwNZ92dRhpTkv0y0vGT12Dk3SO
NjDrOBrwN17BK+ScO4+y/lSGFIhrgWvVgh9ZvTsP5C5Oz+QpWUHwodBTr4X9VxTS
b6sAxf6wQpbOzFaWhi8CcZrsOFNzqw9YevkXNpE3CDJxwahwFauCZbDcKQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM7vQx0uRQFM7lXwL7seq50I2MwTMB8GA1UdIwQY
MBaAFJwa7ZkT+IgK91V+7z7wLW4P8/1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkJydG1SUDRpQXIzVlg3dlB2QXRiZ196X1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9mZjk0ZjEtYmE2My00MGQ2LWJlY2Et
NWU2MjRhMzAzOGNmLzEvenU5REhTNUZBVXp1VmZBdnV4NnJuUWpZekJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9mZjk0ZjEtYmE2My00MGQ2LWJlY2EtNWU2MjRhMzAzOGNm
LzEvbkJydG1SUDRpQXIzVlg3dlB2QXRiZ196X1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg2AQAMF
AyoPocAwDQYJKoZIhvcNAQELBQADggEBANP6xlAPOTDWh0OOxSxHjBczEjNudA52
62vLelRONqm/FC3OoLg0zQc+CHPkBHeQkPl3DZycIpAjSjGsKK8Vbxx2vdgkS3NK
ER5SObz1FIRi/w3jSFXEdzFtLPb6f2kJG3Czr0Nkx8NU/8Cqequx2P56iESU4Xze
IAWxFi1euRqGGIFG5S6neNpHIg2Xlr9DZfl2sgneV6jXsB8uBSWqPlsQvcofUSdu
cwsYLMBQf0Y5uD1mLknQqRisRle3nopslPvMDDnrZk2D2OJt2GTv6TwTiLop/ZEf
DLh5yXfR5z7BcF88PccQV1igDicURLYJen8IF/iy1SG/g9SPPabh1Z4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:06 2024 by rpki-client on console-fra.rpki-client.org